(12) 



UK Patent Application ,«.GB n>,2 270446 ,13.A 



(43) Dateof APublicatton 09.03.1994 



(21) Application No 9218816.8 

(22) Dateof Filing 04.09.1992 



(71) Applicant(5} 

IBM UK Ltd 

(Incorporated in the Unrted Kingdom) 

PO Box 41, North Harbour, Portsmouth, Hampshire, 
United Kingdom 

(72) Inventorls) 

Christopher J HoIIoway 

(74) Agent and/or Address for Service 
J P Richards 

IBM United Kingdom Patent Operations, 
Hursley Park, Winchester Hants, S021 2JN, 
United Kingdom 



(51) INTCLS 

H04L 9/32 9/30 

(52) UK CL (Edition M ) 

H4P PDCSC PDCSX 

(56) Documents Cited 

EP 0393806 A2 EP 0277247 A1 EP 0254812 A2 

(58) Field of Search 

UK CL (Edrtion K ) H4P POCSP P0C5S PDCSX 
INTCL^ H04L 9/30 9/32 
ONLINE DATABASES : WPI 



(54) Establishing a common cryptographic key at two ciyptographic sites 



(57) The method includes preparing a portable data processing device ("smart card") at each site having a 
first data record which can only be read at that site but which can be written to at any site, and a second data 
record which can only be written at that site but which can be read at any site, the device also containing a 
testable key particular to that device. Each site also creates and publishes a set of test patterns against which 
the authenticity of the card can be verified. Each site then creates one part of the key to be agreed upon, and a 
test pattern for that key part. The test pattern is written to the site's own smart card in the second data record. 
The cards are exchanged, and the received cards are tested for authenticity using the published test patterns. 
Once accepted as genuine, the test pattern for the key part of the other site (s read and stored. The key part 
previously generated is written onto the first data record of the received card. The cards are exchanged again. 
The key part Is read at the home site of the card. The key part is verified for authenticity against the stored test 
pattern which was received earlier. Each site then combines the received key part with the locally created key 
part and they now share a common key. 
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IMPROVEMENTS IN CKYPTOGRAPHY 

This invention relates to metJiod of establishing a common 
cryptographic key at two cryptographic, sites. 

In general, cryptography has u.s*^d three main forms of algorithm: 
Hashing Algorithms - these are one way functions which require no secret 
keys to be distributed. 

Public Key Algorithms - these /ire ^symmetric key systems which have 
the advantage for the initial distribuhion of keys that the distributed 
key may be published. As there is no require^nont for secrecy, initial 
keys may be exchanged between previous ly unknown systems without the need 
for a channel of secrecy (for exaraplA trusted couriers). 

Symmetric Key Algorithms - these algorithms require that the same 
secret key is held by both the sender and receiver of messages. The 
exchange of of initial secret keys between previously unkjiot^ systems has 
in the state of the art always been relatively expensive, because it has 
required a channel of secrecy as well as of integrity to exchange these 
initial keys. 

It has been proposed that by providing public key cryptcgraphy to 
manage the initial keys of symmetric key algorithms, the problem of key 
exchange may be addressed. However, thic: requires a system supporting 
both algorithms in a closely integrated and sec»jre environment, commonly 
known as a hybrid scheme. 

It is therefore an object of tbiF invention to provide a new 
approach to the distribution of initial symmetric keys that does not 
require the use of hybrid cryptographic systems or trusted couriers. 

This object is attained by the method claimed iji claim 1. 

The invention provides a substantial reduction in th'2 cost of the 
initial key establisheraent for symmetrJc key systems, especially when 
implemented using cryptographic products which are alraady available on 
the market, and using only publicly available ser^/ices for the carriage 
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of information such as the press or the r^gulfir mail services, or such 
business meetings as would have been necessary for the establishment of 
prerequisite contracts. 

An embodiment of the invention will now bi?. described. The 
embodiment can (but need not) be impTp-me-nted using IBM Transaction 
Security System products which are thp. TBM 4753 Network Security 
Processor which attaches to an central host computer running the IBM MVS 
Operating System, the IBM A755 Cryptographic Adapter card, which resides 
inside a Personal Computer supporting thn. AT-Bus or. MicroChannel 
architecture and running the DOS or nS/2 opp-rating systems, the IBM 4754 
Security Interface Unit which can actnch to either of the foregoing to 
provide secure communications with thr 7BM Personal Security card which 
is a so-called "smart" card with secured data storage and cryptographic 
processing capability. The IBM Personal Security Card and the IBM 4753, 
4754 and 4755 each have secure storagr. for encryption keys and 
cryptographic processing capability. 

In the embodiment it is assumed that each site on which cryptography 
must run has established a fully operational cryptographic environment 
supporting a key management application and hardware facilities necessary 
to support the scheme. Such a system may have been set-up locally or via 
a central initialisation facility. Neither site need have any prior 
knowledge of the other site, but each stipports the following: 

1. Common Symmetric Key Algorithm Support - both sites support the same 
symmetric algorithm. The Data Encryption Algorithm or DEA is a 
standardised and widely used symmetric algorithm. 

2. Key Part Loading - in most DEA systems, initial keys are loaded into 
the system by providing two or more clear parts. These are either 
concatenated or exclusive-ORed (XORed) together. It is assunred that a 
common mechanism is supported at both sites. 

3. Key Test Algorithm - both sites support a common method to test the 
true value of an installed key. The algorithm should not provide a 
channel of attack to discover the true key value, llie key test is 
available in two parts, the first to generate a pattern from an installed 
key, the second to verify a pattern agaatist an installed key. The 
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mechanism is available for testing ki-y pnrts as well as completed keys. 
Such on algorithm is exemplified by the TBM TS5 Key Test verb. 

4. A Secure Portable Data Processing novice - such would be typified by 
a smart card, but other possibilities nxist. The description uses "smart 
card" in this generic sense. Smart cards are used as the transport 
mechanism, and are interchangeable bntween the two sites. The IBM 
Personal Security card may be used and hfls the following functions: 

a. Access Control - functions perform*:^^ on the smart card may be 
selectively and independently controlled such that some are 
publicly available, and some require thflt the smart card 
authenticates the user. Publicly available means available both 
without user authentication, and without restriction as to which 
site the card is attached at the time. 

b. User Authentication - this is securely performed for users of the 
smart card by any means deemed adequate (eg PIN or Signature). 

c. Site Restriction - user authentication is restricted on the smart 
card to being available only at the "home site" of the smart card. 
This restriction is preferably be enforced by a random two way 
ciryptographic challenge. 

d. Data Access Control - a first data record on the smart card is 
capable of being defined such that it requires user authentication 
to allocate, read, delete or clear the data record; but writing to 
the data record is a publicly available function. A second data 
record on the smart card is capable of being defined such that it 
requires user authentication to allocate, write, delete or clear 
the data record; but reading the data from the record is a 
publicly available function. 

e. Testable Key Register - a key register on the smart card contains 
a testable key that cannot bn exported from the smart card. Tho 
Key Test function is publicly available. For the IBM Personal 
Security card the register is the smart card's Master Key 
register. 

5. Site Access Control - each site is capable of access, control to its 
cryptographic facilities independently of the use at the site of an 
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'alien' smart card (that is one whdch is wnlcnown to the site). Such 
control could be by means of a previously entered "home" smart card. 

There are several steps to the tnpthod, which are the same at both 
sites. The method is therefore described from the perspective of just 
one of the sites. 

Each step of the mechanism is described in more detail below. In 
brief, however, each site creates a smart card with the properties 
described above with their two data rrcords and a testable key in place. 
Each site also creates a set of test patterns which may be published and 
against which the authenticity of the card itself can be verified by the 
other party. Each site then creates on<?. part of the key to be agreed 
upon, and a test pattern for that key part. The test pattern is written 
to the site's own smart card in a data record that can be written only by 
this site but read publicly (so that it is accessible to the other site). 
The cards are exchanged through the msjl or via any other suitable means. 
The received cards are tested for authenticity using the published test 
patterns. Once accepted as genuine, th.. test pattern for the key part of 
the other site is read and stored. The. key part previously generated is 
written onto a data record of the received card; this data record allows 
public writing but restricts reading to the receiving site. The cards 
are exchanged again. The key part is read at the home site of the card, 
this is the only site at which it can be read, and ensures secrecy of the 
key part. The key part is verified for authenticity against the stored 
test pattern which was received earlier on an authenticated card; this 
process ensures the integrity of the key part (that it genuinely came 
from the author of the test pattern) . Each site then combines the 
received key part with the locally created key part and they now share a 
common key. As the key parts were created without a prior knowledge of 
the value of the other part, the value of the resulting key is truly 
arbitrary. As the verification pattern for the key part was read from an 
authenticated card it can be" established that the key part originated 
from the other site. A key has been agreed between sites with full 
integrity and secrecy, and at low cost. 

In more detail, the steps of thn method are: 
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1. Set Up - the smart card(s) to be visoH for k«y exchange are prepared. 
For each smart card, a testable key is installed both on the card itself 
and at the owning site. A number of trne key test patterns are cre«ted 
for the testable key. A number of ffl]se te.st patterns are also generated 
and tested to ensure that they arp. fnlao.. (The magnitude of "number" 
depends upon the degree of testing required and could be as small as 
two). The test patterns are publishftd or otherwise sent to the other 
party . 

2. Key Part Creation - a key part iP r.rftated and installed on the home 
site. A test pattern for this part i.'' generated and written to a secured 
but publicly readable. first data recorH on the smart card. Identifiers 
may also be written to the smart card. .^ secured but publicly writable 
second data record is also created on the card £or use at the other site. 

3. Card Exchange - the smart cards pt". exchanged, for example through 
the regular mail. In this case a mimber of true and false test patterns 
would have been published. Otherwi.«!o tho cards may be exchanged as a 
part of a contract negotiation or signing process, in which case a number 
of true and false test patterns could be exchanged at the saire time. 

Upon receipt, the card is tested by presenting true and false key 
test patterns. Upon request any number of further key patterns may be 
obtained from the correspondent by phone or mail, and tested for true or 
false. Similarly a number of true and false te.st patterns cculd be 
derived from card itself, and used to challenge the owner (again ov«r the 
phone or by mail) who would use the site-installed copy of the card's key 
to determine which are true and which are false. 

The number of such tests will bft determined by the degree of 
certainty required that the card Is genuine. The technique is well 
established related to 'Zero Knowle.dRf- Proof. For 'n' satisfactory 
tests, the residual probability of a f^kc smart card is two to the power 
of minus ' n ' . 

4. Key Part Exchange - once the card has been accepted as genuine, the 
publicly readable second data record in read and the test pattern it 
holds is securely stored at the receiving site. The key part that had 
been locally created is then written to t.he publicly writable first data 
record on the smart card. Identif ierF may also be written to the smart 
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card. This data cannot be read except at the smart card's own site. Its 
secrecy is therefore assured. 

5. Card Return - the smart card(s) nre tMm returned to their home 
sites, for example through the regulnr mnil . 

6. Card Reception - upon receipt tb*- cnrd Is tested again for 
genuineness, by using true and false test patterns as described in step 3 
above. This step distinguishes the card from any others that may be in 
current circulation from that site. 

7. Key Part Reception - the smart r.PvcV s authorised user authenticates 
himself to the card. The first data record is now read. The key part on 
the received smart card is verified ng^inst the previously stored test 
pattern and if good is combined with th/it the previously generated key 
part that had been dispatched on a smart card to the other site. The 
result is the same key at both sites. 

8. Testing The Key - a final stage of verification could be applied to 
the combined key. This could be performed in a variety of ways. A key 
test could be conducted over the phone (as above), or messages exchanged 
across a network and protected under the key. 

An initial encryption key has now been exchanged between the 
parties. The same process could have been used to exchange several keys, 
or further keys could now be exchanged over a network under the 
protection of the Initial key. 

Secrecy is preserved as the key y^arts can be read only at the home 
site. Integrity is preserved through the authentication of the card and 
of the key part using the key test procedure. The cost of the key 
exchange is minimal in comparison to traditional courier based methods. 

Further restrictions regarding timeliness of the procedure could be 
enforced if so desired. 



UK9-91-053 



7 



CLAIMS 



1. A method of establishing a common rr yptogrgphic key at two 
cryptographic sites each supporting n mmmov mo.thod of key testing using 
test patterns, comprising at each sitp.: 

(a) preparing a portable data processing device having a first data 
record which can only be read at that site but which can be 
written to at any site, and a second data record which can only be 
written at that site but which cnTi he read at any site, 

(b) creating a partial key and a test pattern therefor, and writing 
the test pattern but not the partia3 key into the second data 
record^ 

(c) sending the device to the other sire, 

(d) reading the test pattern from tho. sA<-.ond data record of the other 
site's device and storing it at th? site, 

(e) writing the partial key created at. step (b) into the first data 
record of the other site's device, 

(f) returning the other site's device to the other site, 

(g) reading the partial key created at Irh^. othp,T site from the first 
data record of the returned devicp. and verifying it using the test 
pattern obtained at step (d) , and 

(h) combining the partial key created at step (b) with the partial key 
read at step (g) form a full kpy which is the same as that formed 
at the other site. 

2. A method as claimed in claim 1, wherein the portable data processing 
device also containing a testable kp.y particular to that device, and 
wherein the method further comprises: between stsps (a) and (b) the 
further step of creating a further test pattern against which the 
authenticity of the device can be ani:hent:icated by the other site, and 
making such pattern available to the. other sit«. between steps (c) and 
(f) the further step of authenticating the other site's device using the 
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further test pattern, and between stops ( f ) and (h) the further step 
authenticating the returned device using the further test pattern. 
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